VG Berlin - 1 K 391/20: Difference between revisions

From GDPRhub
No edit summary
 
(2 intermediate revisions by one other user not shown)
Line 64: Line 64:


=== Facts ===
=== Facts ===
In November 2019, the church tax office (controller) sent the data subjects questionnaires to provide information on the religious affiliation of their two minor children. In December 2019, the data subjects requested the controller to refrain from such requests. Nevertheless, the controller requested the data subjects to complete the forms again in January 2020.  
In November 2019, the church tax office (controller) sent the data subjects questionnaires to provide information on the religious affiliation of their two minor children. In December 2019, the data subjects requested the controller to refrain from such requests. Nevertheless, the controller requested the data subjects to complete the forms again in January 2020. Consequently, in August 2020, the data subjects filed a complaint with the Berlin DPA (Berliner Beauftragte für Datenschutz und Informationssicherheit). They claimed that the questionnaire was unlawful under data protection law. The DPA dismissed the complaint, arguing mainly that it was not competent to decide on the matter because of the church's special competence. Furthermore it did not find a breach of data protection law. Before the court, the data subjects pursued their claim.  
 
Consequetly, in August 2020, the data subjects filed a complaint with the Berlin DPA (Berliner Beauftragte für Datenschutz und Informationssicherheit). They claimed that the questionnaire was unlawful under data protection law.  
 
The DPA dismissed the complaint, arguing mainly that it was not competent to decide on the matter because of the church's special competence. Furthermore it did not find a breach of data protection law.  
 
Before the court, the data subjects pursued their claim.


=== Holding ===
=== Holding ===
The Administrative Court of Berlin dismissed the data subjects' claim.  
The Administrative Court of Berlin dismissed the data subjects' claim. The court agreed with the DPA that it had rightfully declared itself incompetent in the matter.  
 
The court agreed with the DPA that it had rightfully declared itself incompetent in the matter.


First, it held that church data protection such as in the case is subject to church supervision and not to state supervision. According to [[Article 91 GDPR#2|Article 91(2) GDPR]], churches are entitled to establish their own independent supervisory authorities. While the wording of the provision does not clearly state whether such authority must be of an official nature or independent, the court interpreted the provision based on its systematic nature. As [[Article 91 GDPR#2|Article 91(2) GDPR]] explicitly mentions that the specific supervisory authority must fulfill the conditions of Chapter VI of the GDPR, such reference would be redundant if only state authorities were allowed since such authorities have to fulfill these regulations in any case. This position ist also supported by Recital 128 GDPR. Therefore, the court found the indepenent nature of the church supervisory authorities to be GDPR-compliant.
First, it held that church data protection such as in the case is subject to church supervision and not to state supervision. According to [[Article 91 GDPR#2|Article 91(2) GDPR]], churches are entitled to establish their own independent supervisory authorities. While the wording of the provision does not clearly state whether such authority must be of an official nature or independent, the court interpreted the provision based on its systematic nature. As [[Article 91 GDPR#2|Article 91(2) GDPR]] explicitly mentions that the specific supervisory authority must fulfill the conditions of Chapter VI of the GDPR, such reference would be redundant if only state authorities were allowed since such authorities have to fulfill these regulations in any case. This position is also supported by Recital 128 GDPR. Therefore, the court found the independent nature of the church supervisory authorities to be GDPR-compliant.


Second, it clarified that church data protection law must be understood as a comprehensive data protection rule within the meaning of the GDPR. According to [[Article 91 GDPR#1|Article 91(1) GDPR]], churches may apply their own comprehensive rules relating data protection if they are in line with the GDPR. The court saw that compliance was sufficiently given in the data protection laws of the two big Christian churches in Germany.  
Second, it clarified that church data protection law must be understood as a comprehensive data protection rule within the meaning of the GDPR. According to [[Article 91 GDPR#1|Article 91(1) GDPR]], churches may apply their own comprehensive rules relating data protection if they are in line with the GDPR. The court saw that compliance was sufficiently given in the data protection laws of the two big Christian churches in Germany.  


Third, the court explained that the controller is subject to the supervision of the church supervisory authorities and that the supervision does not only concern members of the respective religious community. The court could not find any restriction of data subjects concerned by the church supervision to church members.  
Third, the court dismissed the argument of the data subjects that the church supervisory is only competent for members of the respective religious community and that for non-members the state authorities are competent. It underlined that the competence of the church supervisory authority is only dependent on the fact that a church institution has acted and that Article 91(1) GDPR does not establish any additional requirements like the data subjects being members of the respective religious community.  


In a last step, the court found that the DPA did indeed have no obligation to further investigate the case. Also, its decision had been correct as the court could not find a data protection violation by the controller because the information requested by the questionnaire was necessary for the controller to fulfill their obligations for church taxing purposes.  
In a last step, the court found that the DPA did indeed have no obligation to further investigate the case. Also, its decision had been correct as the court could not find a data protection violation by the controller because the information requested by the questionnaire was necessary for the controller to fulfill their obligations for church taxing purposes.  

Latest revision as of 14:17, 18 May 2022

VG Berlin - 1 K 391/20
Courts logo1.png
Court: VG Berlin (Germany)
Jurisdiction: Germany
Relevant Law: Article 91(1) GDPR
Article 91(2) GDPR
Decided: 07.04.2022
Published:
Parties: Berliner Beauftragte für Datenschutz und Informationssicherheit
National Case Number/Name: 1 K 391/20
European Case Law Identifier:
Appeal from:
Appeal to: Unknown
Original Language(s): German
Original Source: VIS Berlin (in German)
Initial Contributor: n/a

The Administrative Court of Berlin held that the Berlin DPA is not competent for matters of church taxes because of the special competence of the independent church supervisory authorities in accordance with Article 91 GDPR.

English Summary

Facts

In November 2019, the church tax office (controller) sent the data subjects questionnaires to provide information on the religious affiliation of their two minor children. In December 2019, the data subjects requested the controller to refrain from such requests. Nevertheless, the controller requested the data subjects to complete the forms again in January 2020. Consequently, in August 2020, the data subjects filed a complaint with the Berlin DPA (Berliner Beauftragte für Datenschutz und Informationssicherheit). They claimed that the questionnaire was unlawful under data protection law. The DPA dismissed the complaint, arguing mainly that it was not competent to decide on the matter because of the church's special competence. Furthermore it did not find a breach of data protection law. Before the court, the data subjects pursued their claim.

Holding

The Administrative Court of Berlin dismissed the data subjects' claim. The court agreed with the DPA that it had rightfully declared itself incompetent in the matter.

First, it held that church data protection such as in the case is subject to church supervision and not to state supervision. According to Article 91(2) GDPR, churches are entitled to establish their own independent supervisory authorities. While the wording of the provision does not clearly state whether such authority must be of an official nature or independent, the court interpreted the provision based on its systematic nature. As Article 91(2) GDPR explicitly mentions that the specific supervisory authority must fulfill the conditions of Chapter VI of the GDPR, such reference would be redundant if only state authorities were allowed since such authorities have to fulfill these regulations in any case. This position is also supported by Recital 128 GDPR. Therefore, the court found the independent nature of the church supervisory authorities to be GDPR-compliant.

Second, it clarified that church data protection law must be understood as a comprehensive data protection rule within the meaning of the GDPR. According to Article 91(1) GDPR, churches may apply their own comprehensive rules relating data protection if they are in line with the GDPR. The court saw that compliance was sufficiently given in the data protection laws of the two big Christian churches in Germany.

Third, the court dismissed the argument of the data subjects that the church supervisory is only competent for members of the respective religious community and that for non-members the state authorities are competent. It underlined that the competence of the church supervisory authority is only dependent on the fact that a church institution has acted and that Article 91(1) GDPR does not establish any additional requirements like the data subjects being members of the respective religious community.

In a last step, the court found that the DPA did indeed have no obligation to further investigate the case. Also, its decision had been correct as the court could not find a data protection violation by the controller because the information requested by the questionnaire was necessary for the controller to fulfill their obligations for church taxing purposes.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the German original. Please refer to the German original for more details.

enormous
The charges get dismissed.

The plaintiffs bear the costs of the proceedings.

The judgment is provisionally enforceable because of the cost. The plaintiffs can avert enforcement by providing security of 110% of the amount enforceable according to this judgment, unless the defendant provides security of 110% of the amount to be enforced before enforcement.

facts
marginal number1
The plaintiffs object to the termination of a complaints procedure by the Berlin Commissioner for Data Protection and Freedom of Information.

marginal number2
In letters dated November 21, 2019 and November 27, 2019, the church tax office at the Mitte/Tiergarten tax office asked the plaintiffs to provide information on the religious affiliation of their two underage children and sent a questionnaire to each of them. The questionnaires, which were identical in content, contained questions about the religious affiliation of the children.

paragraph 3
In a letter dated December 22, 2019, the plaintiffs asked the church tax office at the Mitte/Tiergarten tax office to refrain from querying the data relating to the children in the future. In a letter dated January 2, 2020, the church tax office asked the plaintiffs to fill out the forms.

paragraph 4
The plaintiffs then lodged a complaint with the Berlin Commissioner for Data Protection and Freedom of Information on August 3, 2020. The plaintiffs argued that the content of the questionnaire was inadmissible under data protection law. It is an "unreasonable dragnet" for potential church members.

Paragraph 5
In a decision dated September 16, 2020, the Berlin Commissioner for Data Protection and Freedom of Information announced that she was not responsible for reviewing the actions of the church tax office. She justified the incompetence with the fact that the administration of the church tax is the responsibility of the tax-entitled religious community. The churches are involved through so-called church tax offices at the tax offices. The church tax offices took care of determining the subjective church tax liability. Based on Article 91(2) of the General Data Protection Regulation - GDPR - the churches have specific supervisory authorities to which the complaint should be addressed.

recital 6
With a decision dated October 5, 2020, the Berlin Commissioner for Data Protection and Freedom of Information rejected the rest of the complaint. She explained that she had asked the Mitte/Tiergarten tax office for an opinion. The tax office reported that the facts presented by the plaintiffs were incorrect and that they had not forwarded any data to the church tax office. Therefore, no violation of data protection regulations can be determined.

Margin number7
With their lawsuit dated November 12, 2020, the plaintiffs are pursuing their request. You are of the opinion that the Berlin Commissioner for Data Protection and Freedom of Information has erroneously declared that it is not responsible for data processing by the church tax office. The data protection officer cannot invoke Art. 91 DS-GVO, since this only results in monitoring by a state supervisory authority. Religious communities are not exempt from official supervision based on Art. 91 (2) GDPR. It is true that religious societies are permitted to set up their own supervisory authorities. However, this only goes so far as the action to be examined relates to the members of the respective religious community. Neither they - the plaintiffs - nor their children are church members. The scope of the church's own supervisory activities also does not include any tax issues, since taxes are not a separate affair of the religious community. In any case, no self-governing supervision can be set up by the religious communities, since the churches have not fully implemented the current data protection regime. There is also a lack of independence in the church's data protection supervision. The concrete implementation of church data protection law is therefore subject to (subsidiary) control by state supervisory authorities and cannot be ensured by church data protection supervision. With regard to the review of the actions of the tax office, the plaintiffs claim that the Berlin Commissioner for Data Protection and Freedom of Information did not carry out an inspection despite obvious contradictions between the tax office and the church tax office. This is a complete loss of discretion with regard to the decision-making power. Sending the questionnaires violated their children's rights to informational self-determination. The transfer represents an unconstitutional “raster investigation practice” without cause.

paragraph 8
The plaintiffs request

Paragraph 9
to oblige the defendant, repealing the decisions of September 16, 2020 and October 5, 2020, to decide again on their complaint, taking into account the legal opinion of the court.

Paragraph 10
The defendant requests

Paragraph 11
reject the complaint.

Paragraph 12
In addition to the justification of the notifications of September 16 and October 5, 2020, the defendant is of the opinion that the scope of the investigation depends on the fundamental data protection significance of the case and the intensity of the encroachment on fundamental rights. The defendant is generally entitled to a wide discretion in the examination. With regard to the review of the actions of the church tax office, its incompetence already results from Art. 91 DS-GVO, since the standard grants the churches independent data protection supervision via paragraph 2. This stands next to the state data protection authorities. In addition to the wording, which is open to this, this also results from the history of the development of the standard. Church data protection law is in line with the General Data Protection Regulation. The church data protection supervisory authority is also responsible in this case, since this extends to data processing for the purpose of collecting church taxes. Incidentally, church supervision does not only apply to members of the religious community. Such a restriction results neither from the wording of Art. 91 DS-GVO nor from recital 165. Otherwise there would be a dual competence, which is not intended by the General Data Protection Regulation. With regard to the complaint against the tax office in Mitte/Tiergarten, the defendant adds that a proper review took place. Even if a data transfer had taken place, this would have taken place on the basis of a suitable legal basis.

Paragraph 13
Due to the further details of the facts and the further arguments of the parties involved, reference is made to the files in the dispute and the administrative process involved by the defendant.

Reasons for decision
Paragraph 14
The lawsuit, which the rapporteur decides on as a single judge without a hearing, after the Chamber has assigned the legal dispute to him for decision by decision of April 7, 2022 (§ 6 Para. 1 Administrative Court Code - VwGO) and the parties involved for a decision without a hearing, respectively have declared their consent (§ 101 Para. 2 VwGO) is unsuccessful. It is permissible but not justified.

Paragraph 15
1. The action is admissible. In particular, the plaintiffs are entitled to sue under Article 78 (1) GDPR within the meaning of Section 42 (2) VwGO. According to Art. 78 Para. 1 DS-GVO, every natural or legal person has the right to an effective judicial remedy against a legally binding decision of a supervisory authority affecting them, without prejudice to any other administrative or extrajudicial legal remedy. Regardless of whether the complaint decisions, i.e. the decisions of the Berlin Commissioner for Data Protection and Freedom of Information of September 16, 2020 and October 5, 2020, are to be classified as administrative acts within the meaning of Section 35 Sentence 1 VwVfG - which can also remain open here they each represent a legally binding decision within the meaning of Art. 78 Para. 1 DS-GVO. This results from recitals 141 and 143 DS-GVO. According to recital 141 sentence 1 DS-GVO, every data subject should have the right to lodge an effective judicial remedy if a supervisory authority - as here - rejects or rejects a complaint in whole or in part. Likewise, it follows from recital 143 sentence 4 GDPR that every natural person should have the right to an effective judicial remedy against a decision of the supervisory authority that has legal effects on this person. According to recital 143 sentence 5 GDPR, such a decision – regardless of its name – particularly affects the present rejection of a complaint (OVG Koblenz, judgment of October 26, 2020 – 10 A 10613/20, juris para. 29).

Paragraph 16
2. However, the lawsuit is unfounded. The plaintiffs are not entitled to an obligation on the part of the defendant to reassess their complaint.

Paragraph 17
The basis for the claim is Art. 57 (1) (f) GDPR. If a data subject raises a complaint within the meaning of Art. 77 GDPR, the supervisory authority must deal with the complaint in accordance with Art. 57 (1) lit. f) GDPR, investigate the subject of the complaint to an appropriate extent and the complainant within a reasonable period of time about the progress and the result of the investigation. The supervisory authority is then obliged to examine the complaint with all due care and to an appropriate extent. The principle of official investigation applies, so that the supervisory authority must also investigate other violations for which there are indications in the context of the complaint. The yardstick for the scope of the investigation is in particular the severity of the violation in question, but all other relevant aspects must also be taken into account, in particular those mentioned in Art. 83 Para. 2 GDPR (Kuhling/Buchner, General Data Protection Regulation BDSG, 3rd edition 2020, Art. 77 GDPR, para. 16).

Paragraph 18
a) In accordance with these principles, the respondent has fulfilled its obligations in handling the complaint. He determined the facts by taking note of the complaints submitted by the plaintiffs and asking the tax office in Mitte/Tiergarten to comment. The defendant then assessed the facts and informed the plaintiffs of the result of his examination with the decisions of the Berlin Commissioner for Data Protection and Freedom of Information of September 16, 2020 and October 5, 2020. He also informed the plaintiffs of the possibility of judicial legal protection against the complaint decision under Art. 78 Para. 1 DS-GVO and attached a corresponding instruction on legal remedies to the notification in the final decision of October 5, 2020 (see Art. 77 Para. 2 DS- GMO).

Paragraph 19
b) It is disputed whether a further judicial review should be carried out to determine whether the content of the defendant's decision on the complaint is correct. The chamber denied this in an urgent decision, since the right of appeal is designed as a right of petition (decision of January 28, 2019, VG 1 L 1.19, juris, para. 5; so now also with detailed reasoning OVG Koblenz, loc.cit., para. 37 ff .; loc. A. Halder, jurisPR-ITR 16/2020 note 6; Bergt, loc. Based on this, the claim of the plaintiffs is fulfilled, since the defendant has taken note of, examined and decided on the complaint of the plaintiffs.

Paragraph 20
There is no need to decide whether this case law should be adhered to, since the claim of the plaintiffs is also satisfied on the basis of the opposing opinion. According to the opposing opinion, the person concerned is entitled to a decision free of discretionary errors, which can be comprehensively reviewed and enforced by a court (Halder, jurisPR-ITR 16/2020 Ann. 6; VG Ansbach, judgment of August 8, 2019 - AN 14 K 19.00272, juris para. 43). If one follows this, the court not only has to examine the letter of complaint and the decision on the complaint, but also the complete procedural file including all statements by the person responsible and other findings of the supervisory authority (Will, ZD 2020, 97, 98). Based on this benchmark, nothing else applies in the result. The claim of the plaintiffs for a discretionary error-free decision on a registered letter from the defendant against the church tax office at the tax office Mitte/Tiergarten (aa)) and against the tax office Mitte/Tiergarten (bb)) is fulfilled.

Paragraph 21
aa) The decision of the Berlin Commissioner for Data Protection and Freedom of Information of September 16, 2020, according to which the Berlin Commissioner for Data Protection and Freedom of Information has no supervisory powers over the church tax office, is not objectionable. The assumption of their own incompetence was made without error of judgement. In this respect, ecclesiastical data protection is subject to ecclesiastical and not special state supervision (1); above all, ecclesiastical data protection law is to be understood as a comprehensive data protection rule within the meaning of the GDPR (2). The church tax office is subject to the supervision of the church supervisory authorities (3) and the supervision does not only affect members of the respective religious community (4).

Paragraph 22
(1) The ecclesiastical data protection is subject to the ecclesiastical and not a special state supervision. According to Art. 91 Para. 2 DS-GVO, the churches are entitled to set up their own supervisory authorities. According to Art. 91 (2) GDPR, churches and religious associations or communities that apply comprehensive data protection rules in accordance with paragraph 1 are subject to supervision by an independent supervisory authority, which can be of a specific nature, provided they meet the conditions laid down in Chapter VI of the Regulation Fulfills.

Paragraph 23
According to the wording of Art. 91 (2) GDPR, it remains open whether the independent supervisory authority - as claimed by the plaintiff - must be of an official nature or whether the churches can set up independent supervisory authorities. However, the system of the standard itself speaks for the possibility of setting up independent church supervisory authorities. According to Art. 91 (2) GDPR, the specific supervisory authority set up must meet the conditions laid down in Chapter VI (Art. 51-59 GDPR). State supervisory authorities, as the primary addressee of the norm, must comply with these regulations anyway, so that, conversely, Art. 91 (2) GDPR also allows the establishment of non-state supervisory authorities.

Recital 24
The will to create independent church supervisory authorities can also be seen from the history of the origins and the sense and purpose of Art. 91 Para. 2 DS-GVO. According to Article 17(1) of the Treaty on the Functioning of the European Union - TFEU - the Union respects and does not interfere with the status enjoyed by churches and religious associations or communities in the Member States under their legislation. Also in Art. 6, 8, 16, 17 and in particular 22 of the Charter of Fundamental Rights - GRCh - the principle of the religion-friendliness of the Union's action can be found (Meyer/Hölscheidt, Charter of Fundamental Rights of the European Union, 5th edition 2019 Art. 22 para. 24; Pechstein/Nowak/Häde, Frankfurt Commentary, 2017, Art. 22 para. 10). Following this principle, the General Data Protection Regulation also respects and affects the status that churches and religious associations or communities in the Member States enjoy under their existing constitutional provisions - in this case Article 140 GG in conjunction with Article 137 (3) WRV - in accordance with Recital 165 not. This assessment is made clear again when considering the Commission's proposal for the General Data Protection Regulation. Recital 128 there states that “Churches and religious associations or communities [should] be obliged to set up a fully independent data protection supervisory authority” (cf. COM(2012) 11 final, p. 42).

Paragraph 25
In this respect, member states can allow the establishment of their own, independent supervisory authorities for the religious community (cf. also Simitis/Hornung/Spiecker gen. Döhmann, Datenschutzrecht, 2019, Art. 91 DS-GVO, para. 24; Kühling/Buchner, loc.cit., Art. 91 DS-GVO, para. 18) and the data protection officers of the Protestant and Catholic Church stand alongside the state authorities (Taeger/Gabel, DS-GVO, 4th edition 2022, Art. 4 para. 465; Wolff/Brink, BeckOK data protection law, 39 . Edition 2021, Art. 4 GDPR, para. 165).

Paragraph 26
The churches have also complied with this by setting up an independent data protection supervisory authority, cf. §§ 42-47 law on church data protection - KDG - and §§ 39-42 church law on data protection of the Evangelical Church in Germany - DSG-EKD - , which basically meet the requirements of the GDPR for the independence of the supervisory authorities (cf. Kühling/Buchner, loc. cit., Art. 91 GDPR, para. 21 with further references). The supervisory authorities responsible in this case are the data protection officer of the Evangelical Church in Germany (Berlin branch office for the data protection region East, Invalidenstraße 29, 10115 Berlin) and the church data protection supervisory authority of the East German dioceses and the Catholic military bishop (Badepark 4, 39218 Schönebeck).

Paragraph 27
(2) Contrary to the view of the plaintiffs, ecclesiastical data protection law is to be understood as a comprehensive data protection rule within the meaning of the General Data Protection Regulation. According to Art. 91 Para. 2 DS-GVO, the prerequisite for the establishment of independent supervisory authorities is the application of comprehensive data protection rules within the meaning of Para. 1. According to Art. 91 Para. apply comprehensive rules for the protection of natural persons during processing, continue to apply these rules, provided that they are brought into line with the General Data Protection Regulation.

Paragraph 28
"Reconcile" does not mean congruence with the General Data Protection Regulation. Rather, the churches must be left with room for manoeuvre, which can also be seen in the legal system from a comparison with the stricter requirement of Art. 91 Para. 2 DS-GVO (cf. Sydow, DS-GVO, 2nd edition 2018, Art. 91 para. 20 ; Kühling/Buchner, loc. cit., Art. 91 para. 14 f.; Paal/Pauly, DS-GVO BDSG, 3rd edition 2021, Art. 91 DS-GVO, para. 16).

Paragraph 29
These requirements are met by church data protection laws. The two large churches in Germany have revised their data protection regulations with the KDG of the Roman Catholic Church and the DSG-EKD of the Evangelical Church; both came into force when the General Data Protection Regulation came into force on May 24, 2018 (cf. Section 58 (1) sentence 1 KDG, Section 56 sentence 2 DSG-EKD). Both sets of rules are evidently based on the General Data Protection Regulation, even with regard to the structure and order of the regulations; many regulations correspond almost verbatim with the corresponding regulations of the General Data Protection Regulation. Overall, these regulations are therefore in line with the General Data Protection Regulation (cf. e.g. Kühling/Buchner, loc. cit., Art. 91 DS-GVO, para. 15a; Gola, DS-GVO, 2nd edition 2018, Art. 91 para. 14 f.; Sydow, loc.cit., Art. 91 para. 30 et seq.; Paal/Pauly, loc.cit., Art. 91 GDPR, para. 15; Tinnefeld, ZD 2020, 145, 148).

Paragraph 30
(3) The church tax office is subject to the supervision of the church supervisory authorities. In this respect, the scope of the church data protection supervision also extends to data processing for the purpose of church tax collection.

Paragraph 31
In principle, Art. 140 GG in conjunction with Art. 137 (6) WRV grants the churches the right to pay their own taxes. The church tax is a real tax within the meaning of Section 3 of the Fiscal Code - AO - (Dreier, Basic Law, 3. Edition 2018, Art. 137 WRV, para. 118). This tax is a joint matter of state and church. However, this does not result in an inseparable unity, but rather the state and ecclesiastical legal structures are fundamentally separate. In the state of Berlin, the administration of the church tax according to § 1 paragraph 2 Church Tax Act Berlin - KiStG - in conjunction with § 2 paragraphs 1 and 3 of the law on the scope of application of the tax code of June 21, 1977 in the version of February 2, 2018 (GVBl. 2018, 160) - AOAnwG - in connection with the administrative agreement of the State of Berlin on the administration of church taxes by the Berlin tax authorities of December 19, 2011 (OJ 2011, 3041) transferred to the tax offices. The determination of the facts with regard to the subjective church tax liability remains with the religious communities (cf. No. 4 para. 1 sentence 2 letter a) of the administrative agreement). The religious community can perform these and the other tasks remaining with it according to No. 4 Para. 1 Sentence 2 of the agreement through church tax offices to be set up at the tax offices - also together with other tax-entitled religious communities (cf. No. 4 Para. 1 Sentence 1 of the administrative agreement ). The church tax office may also independently act externally to carry out tasks. No. 4 para. 1 sentence 3 and para. 2 of the administrative agreement speak in favor of this, according to which the change requests of the church tax office following from the completion of the task according to No. 4 para to provide information and documents required to fulfill their tasks. In addition, the transfer of the administration of church taxes to the Berlin tax offices and the authorization of the churches to maintain their own church tax offices at these offices in order to participate in the church tax administration are permissible forms of cooperation between state and church and in particular do not constitute any Art. 137 para. 1 WRV are prohibited state church legal forms (cf. VG Berlin, judgments of April 20, 2021 - VG 16 K 3/21, p. 9 f., n.v.; of December 12, 2019 - VG 27 K 292.15, juris marginal no. 179 ff. ; BVerfG, resolutions of October 23, 1986 - 2 BvL 7/84, 2 BvL 8/84, juris marginal note 27; of June 30, 2015 - 2 BvR 1282/11, juris marginal note 93 with further references).

Paragraph 32
If data processing occurs in this context, the question of belonging to a religious community must be answered primarily according to internal church law (Dürig/Herzog/Scholz, GG-Kommentar, 95. EGL 2021, Art. 137 WRV, para. 34). Membership in a religious community is not checked by the state, but is carried out independently by the religious community (cf. BVerfG, judgment of March 31, 1971 - 1 BvR 744/67, juris para. 17 ff.). It is a regulation of "own affairs" within the meaning of Art. 137 Para. 3 WRV. In the present case, the examination of the religious affiliation of the plaintiff's children is a matter for the church tax office. In this respect, it is an ecclesiastical matter that is also subject to ecclesiastical data protection and the ecclesiastical data protection supervision extends to this data processing for the purpose of church tax collection.

Paragraph 33
(4) The scope of church data protection supervision is not limited to members of the respective church. Neither the wording of Art. 91 GDPR nor Recital 165 support this interpretation made by the plaintiff. Art. 91 para. 1 DS-GVO only refers to a church and the protection of natural persons. According to the wording, there is no restriction to the members of this church. Rather, the questions of responsibility are linked to the acting institutions. Otherwise the churches would be subject to their own church supervision for their actions towards their members and otherwise to state supervision. However, this separation of supervisory responsibility is not provided for anywhere in the General Data Protection Regulation.

Paragraph 34
bb) The final decision of the Berlin Commissioner for Data Protection and Freedom of Information of October 5, 2020, according to which a violation of the General Data Protection Regulation by the tax office Mitte/Tiergarten could not be determined, is also not objectionable.

Paragraph 35
With regard to the regulatory procedure, the authority has a wide scope for discretion (Paal/Pauly, loc Intensity of the encroachment on fundamental rights (Paal/Pauly, loc.cit., Art. 77 GDPR, para. 5; Gola, loc.cit., Art. 57 para. 9). Even the initiation of a supervisory authority procedure often leads to the supervisory authority fulfilling its corresponding obligations in a specific case (Kuhling/Buchner, loc. cit., Art. 77 GDPR, para. 17). The supervisory authority is only obliged to take action with the aim of stopping the violation if legal violations are identified. A right to a specific measure only exists if discretionary power is reduced to zero (OVG Hamburg, judgment of October 7, 2019 - 5 Bf 279/17 , juris para. 72).

Paragraph 36
The chosen procedure satisfies these requirements if the defendant, as in the present case, requests the Mitte/Tiergarten tax office to comment, assesses the facts of the case and rejects the complaint due to the lack of a recognizable violation of data protection regulations. The decision-making discretion exercised in this respect not to proceed any further was not defective. Rather, the defendant properly exercised its discretion by requesting the opinion of the tax office Mitte/Tiergarten and the evaluation of the answer. In particular, the decision not to take any further measures following the opinion of the tax office does not represent a complete loss of discretion, contrary to what was argued by the plaintiff. There is also no reduction in discretion to zero. Due to the case law of the adjudicating court (cf. VG Berlin, judgments of April 20, 2021 - VG 16 K 3/21, n.v.; of December 12, 2019 - VG 27 K 292.15; March 22, 2012 - VG 20 K 123.10) it was missing a reason for a more extensive examination of the complaint and clarification of the facts by the defendant. Because even if, contrary to the statement of the tax office, a data transmission had taken place, the tax office would be entitled to transmit the name and address of the plaintiffs and their children to the church tax office. In this respect, even in the case of a data transmission, there would be no fundamental data protection significance, which is why there was no need for a further examination or intervention by the defendant.

Paragraph 37
(1) The tax offices are - as already explained above - obliged to provide the church tax offices with the information and documents required to fulfill their tasks. Due to the distribution of tasks between the tax offices and the church tax offices, the tax office would be entitled both in accordance with Section 30 (4) No. 1 in conjunction with Section 2 No. 1a) AO in conjunction with Section 7 KiStG and in accordance with Article 18 (4) of the Berlin Evangelical Church Agreement of 20 February 2006 (GVBl. 2006, 715) obliged to transmit the name, address and the non-affiliation of the plaintiffs and their children to a religious community to the church tax office in order to carry out church tax proceedings (cf. VG Berlin, judgment of December 12, 2019 - VG 27 K 292.15, juris paras. 189 et seq., 234; see also OVG Berlin-Brandenburg, decision of July 2, 2020 - 12 N 48/20, p. 10 BA, nv.).

Paragraph 38
According to Art. 18 Para. 4 of the Berlin Evangelical Church Agreement, which also applies to the Catholic Church according to the principle of parity (cf. BVerfG, decision of May 12, 2009 - 2 BvR 890/06, juris para. 173), the tax authorities are obliged to to provide the responsible church authorities with the information and documents that are required, among other things, for the implementation of taxation (cf. VG Berlin, judgment of December 12, 2019 - VG 27 K 292.15, juris marginal number 156). Pursuant to § 7 sentence 1 KiStG, the provisions of the tax code – with the exception of those mentioned in sentence 2 – apply accordingly to the taxes under this law. Accordingly, § 30 AO on tax secrecy is also applicable in the context of church tax proceedings, which makes an exception to this if the disclosure or use of protected personal data serves to carry out a tax procedure (cf. § 30 Para. 4 No. 1 in conjunction with Para. 2 No. 1a) AO). Even under these conditions, the transmission of the personal data of the plaintiffs or their children by the tax office to the church tax office would be lawful because it served the purpose of taxation with the church tax.

Paragraph 39
(2) A data transmission by the tax office to the church tax office would also be proportionate. The disclosure of personal data serves a tax procedure within the meaning of Section 30 (4) No. 1 AO if there is a direct functional connection between disclosure and the implementation of the procedure (BFH, decision of July 7, 2008 - II B 9/07, juris para. 8 f.). In order to fulfill the task assigned to it of determining the church tax (see No. 2 of the administrative agreement of December 19, 2011), the clarification of the subjective church tax liability by the church tax office responsible for this is necessary, so that the data transmission by the tax office with the determination of church tax would also stand in a direct functional connection. In no way would the disadvantages resulting from the notification be grossly disproportionate to the intended tax goal, since the churches are allowed to levy taxes on their members (cf. BVerfG, decision of August 19, 2002 - 2 BvR 443/01, juris para. 65) .

Paragraph 40
(3) To the extent that the plaintiffs have constitutional concerns with regard to the fundamental right to informational self-determination from Article 2(1) in conjunction with Article 1(1) GG, the negative freedom of belief from Article 4(1) GG and the duty of the state comment on religious and ideological neutrality, the adjudicating court does not share this and refers to the relevant statements in the judgment of the Berlin Administrative Court of December 12, 2019 - VG 27 K 292.15, juris marginal nos. 206 ff., 218 ff.

Paragraph 41
In addition, it must be stated that even the data protection report referred to by the plaintiff (Annex K 6) comes to the conclusion that the responsible tax office would have been entitled to carry out the necessary investigations into church tax liability. Under these circumstances, a potential data transfer from the tax office to the church tax office cannot justify such a serious violation, so that - based on the data protection result of the expert opinion mentioned - when weighing up the individual interests of the potential taxpayer children of the plaintiff, not because of (supposedly) procedurally flawed data transfers with a substantively applicable tax and the duty of the state to ensure a lawful and even tax assessment, the state interest outweighs and a remote effect of a prohibition on later, lawfully obtained investigation results is to be rejected (cf. VG Berlin, judgment of April 20, 2021 - VG 16 K 3/21, p. 13, n.v.; OVG Berlin-Brandenburg, decision of July 2, 2020 - OVG 12 N 48/20, p of April 15, 2015 – VIII R 1/13, juris para. 42).

Paragraph 42
3. The decision on costs is based on Section 154 (1) VwGO. The decision on the provisional enforceability follows from § 167 VwGO in conjunction with §§ 708 No. 11, 709 sentence 2 and § 711 sentence 1 and 2 of the Code of Civil Procedure.

Paragraph 43
DECISION
The value of the subject matter of the dispute is determined in accordance with §§ 39 et seq., 52 f. of the Court Costs Act
5,000.00 euros
fixed.